VulnerableCode Vulnerability Details - VCID-dwdk-kk6d-43b2

Search for vulnerabilities

Vulnerability details: VCID-dwdk-kk6d-43b2

Essentials
Severities (7)
References (5)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-dwdk-kk6d-43b2
Aliases	GHSA-5w6v-399v-w3cc
Summary	Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1395	Dependency on Vulnerable Third-Party Component
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-5w6v-399v-w3cc
generic_textual	LOW	https://github.com/sparklemotion/nokogiri
cvssv3.1_qr	LOW	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
generic_textual	LOW	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
generic_textual	LOW	https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
generic_textual	LOW	https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
generic_textual	LOW	https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8

Reference id	Reference type	URL
		https://github.com/sparklemotion/nokogiri
		https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
		https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
GHSA-5w6v-399v-w3cc		https://github.com/advisories/GHSA-5w6v-399v-w3cc
GHSA-5w6v-399v-w3cc		https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-04-21T23:43:54.527718+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-5w6v-399v-w3cc	36.0.0